-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Richard Creighton wrote:
G T Smith wrote:
Ouch! If this is hosting the authorative master zone for the domain this means you may have inadvertently broken your domain. I am not certain this is a choice in this case...
<snip>
The DNSStuff.com report shows the outside world can get the records, including reverse DNS info. The log exerpt was a bad choice where I had temporarily closed the DNS to the outside. I am not concerned about the size of the log, I know several ways to erase files :) What I am concerned about is DNS security. I have read several whitepapers on the subject where DNS servers are under attack from script-kiddies so slowly, but surely I will be converting to a split DNS topography where there is a public side and a private side but in both cases, detecting the attack and dynamically responding to it is a desirable goal.
Point taken... I suspect that because you were effectively acting as a open forwarder for a while your DNS may have been identified as good vector for generating attacks on third parties. I think you may find one of two things may happen now the attackers will go away, or they may get really p***d and try and blow you out of the water (network... whatever).... Hopefully the former, if latter grab hard hat and duck :-) But there is a good point in that anyone running an externally available DNS that they should look at their query and forwarding configuration. - -- ============================================================================== I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. Bjarne Stroustrup ============================================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD4DBQFGrHB+asN0sSnLmgIRAg8fAJiG99is5lnTF6qRpsQONHzl5PBWAKDqyRZs 9HzgVMpdEfJKhuJqg6MFkQ== =C1Zt -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org